def verify(message, signature, pub_key): """Verifies that the signature matches the message. The hash method is detected automatically from the signature. :param message: the signed message. Can be an 8-bit string or a file-like object. If ``message`` has a ``read()`` method, it is assumed to be a file-like object. :param signature: the signature block, as created with :py:func:`rsa.sign`. :param pub_key: the :py:class:`adafruit_rsaPublicKey` of the person signing the message. :raise VerificationError: when the signature doesn't match the message. :returns: the name of the used hash. """ keylength = common.byte_size(pub_key.n) encrypted = transform.bytes2int(signature) decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n) clearsig = transform.int2bytes(decrypted, keylength) # Get the hash method method_name = _find_method_hash(clearsig) message_hash = compute_hash(message, method_name) # Reconstruct the expected padded hash cleartext = HASH_ASN1[method_name] + message_hash expected = _pad_for_signing(cleartext, keylength) # Compare with the signed one if expected != clearsig: raise VerificationError("Verification failed") return method_name
def find_signature_hash(signature, pub_key): """Returns the hash name detected from the signature. If you also want to verify the message, use :py:func:`adafruit_rsaverify()` instead. It also returns the name of the used hash. :param signature: the signature block, as created with :py:func:`adafruit_rsasign`. :param pub_key: the :py:class:`adafruit_rsaPublicKey` of the person signing the message. :returns: the name of the used hash. """ keylength = common.byte_size(pub_key.n) encrypted = transform.bytes2int(signature) decrypted = core.decrypt_int(encrypted, pub_key.e, pub_key.n) clearsig = transform.int2bytes(decrypted, keylength) return _find_method_hash(clearsig)